Sponsored by..

Thursday, 19 July 2012

"Fwd: Wire Transfer (9579GQ518) " spam / forumanarhist.ru

This fake wire transfer spam leads to malware at forumanarhist.ru:

Date:      Thu, 19 Jul 2012 02:56:36 -0400
From:      CABALLEROFANNYcRU@aol.com
Subject:      Fwd: Wire Transfer (9579GQ518)
Attachments:     Wire_AMBA01-Rejected.htm

Dear Operator,

WIRE N: FD-1059598546520289


You can find details in the attached file.

The malicious attachment is named Wire_AMBA01-Rejected.htm and contains a redirector to [donotclick]forumanarhist.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here)

That site is multhomed at the following IPs:

There are some additional IPs and domains that can be found in this post that should also be blocked.

No comments: